fix: p11prov_tls_constant_time_depadding bug corrected

Signed-off-by: Sebastien ANDERT <[email protected]>
latchset · Sep 5, 2024 · 2320447 · 2320447
1 parent 0c7504e
commit 2320447
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 5 deletions.
diff --git a/src/asymmetric_cipher.c b/src/asymmetric_cipher.c
@@ -271,7 +271,7 @@ p11prov_tls_constant_time_depadding(struct p11prov_rsaenc_ctx *encctx,
         return RET_OSSL_ERR;
     }
 
-    cond = constant_equal(*out_size, 2 + length);
+    cond = constant_equal(*out_size, length);
 
     ver_cond = constant_equal(buf[0], encctx->tls_padding.client_ver_major);
     ver_cond &= constant_equal(buf[1], encctx->tls_padding.client_ver_minor);
@@ -286,7 +286,7 @@ p11prov_tls_constant_time_depadding(struct p11prov_rsaenc_ctx *encctx,
     }
     cond &= ver_cond;
 
-    constant_select_buf(cond, length, out, buf + 2, randbuf);
+    constant_select_buf(cond, length, out, buf, randbuf);
 
     *out_size = length;
     *ret_cond = cond;

diff --git a/tests/tlsctx.c b/tests/tlsctx.c
@@ -14,7 +14,7 @@ static void test_pkcs1_with_tls_padding(void)
     EVP_PKEY_CTX *ctx;
     EVP_PKEY *prikey;
     EVP_PKEY *pubkey;
-    unsigned char plain[SSL_MAX_MASTER_KEY_LENGTH + 2] = { 0x03, 0x03, 0x01 };
+    unsigned char plain[SSL_MAX_MASTER_KEY_LENGTH] = { 0x03, 0x03, 0x01 };
     unsigned char enc[1024];
     unsigned char dec[1024];
     size_t enclen;
@@ -97,8 +97,7 @@ static void test_pkcs1_with_tls_padding(void)
     EVP_PKEY_CTX_free(ctx);
     EVP_PKEY_free(prikey);
 
-    if ((declen != sizeof(plain) - 2)
-        || (memcmp(plain + 2, dec, declen) != 0)) {
+    if ((declen != sizeof(plain)) || (memcmp(plain, dec, declen) != 0)) {
         fprintf(stderr, "Fail, decrypted master secret differs from input\n");
         ossl_err_print();
         exit(EXIT_FAILURE);